CVE-2025-35970
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
On multiple products of SEIKO EPSON and FUJIFILM Corporation, the initial administrator password is easy to guess from the information available via SNMP. If the administrator password is not changed from the initial one, a remote attacker with SNMP access can log in to the product with the administrator privilege.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SEIKO EPSON | Multiple EPSON product | see the information provided by the vendor | affected |
| FUJIFILM Corporation | FRONTIER DX400W | all versions | affected |
Weaknesses
- CWE-1391: Use of weak credentials
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://www.epson.jp/support/misc_t/250807_oshirase.htm
- https://global.fujifilm.com/en/news/hq/697e
- https://jvn.jp/en/vu/JVNVU91363496/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.